RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
Summary: Queue deletion via the HTTP API was not verifying the configure permission of the user. Impact: Users who had all of the following: 1. Valid credentials 2. Some permissions for the target virtual host 3. HTTP API access could delete queues it had no deletion permissions for. Workarounds...
CVE-2024-51988 HTTP API's queue deletion endpoint does not verify that the user has a required permission
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...
CVE-2024-51988
CVE-2024-51988 affects RabbitMQ: queue deletion via the HTTP API could bypass the configure permission, allowing users with credentials, some vhost permissions, and HTTP API access to delete queues they should not. Affected versions include Open Source RabbitMQ up to 3.12.10 (fixed in 3.12.11) an...
SUSE CVE-2024-50109
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size(). In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while mddev->private is still NULL,...
RabbitMQ access control error vulnerability
RabbitMQ is a feature-rich multi-protocol messaging and streaming agent open-sourced by RabbitMQ. An access control error vulnerability exists in RabbitMQ that stems from not validating a user's configure permissions when deleting a queue via the HTTP API. A user with valid credentials, partial...
DEBIAN-CVE-2024-50098
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down. There is a history of deadlock if reboot is performed at the beginning of booting. SDEV_QUIESCE was set for all LU's scsi_devices by UFS shutdown, and at that time the audio...
UBUNTU-CVE-2024-50109
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size(). In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while mddev->private is still NULL,...
CVE-2024-50135 nvme-pci: fix race condition between reset and nvme_dev_disable()
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvme_dev_disable(). nvme_dev_disable() modifies the dev->online_queues field, therefore nvme_pci_update_nr_queues() should avoid racing against it, otherwise we could end up passing invalid values to...
CVE-2024-50109 md/raid10: fix null ptr dereference in raid10_size()
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size(). In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while mddev->private is still NULL,...
kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
In the Linux kernel, shift undefined behavior occurs in bnxt_qplib_alloc_init_hwq with hwq_attr->aux_depth of nonzero and hwq_attr->aux_stride of zero...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the nvme-pci module to properly handle queue state when resetting and disabling NVMe devices,...
PT-2025-3593
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74. Description: The issue is related to an overflow inside virtnet_rq_alloc in the virtio-net component. This occurs when a frag just got a page and the sysctl net.core.high_order_alloc_disable value is 1,...
kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment
A vulnerability was found in the Linux kernel's nvme driver. A lack of proper checks can lead to a race condition during the destruction of a queue pair when a controller is being established. This issue can lead to system instability or crashes...
kernel: blk-mq: fix IO hang from sbitmap wakeup race
A possible IO hang from sbitmap wakeup race was found in the Linux kernel. This may lead to compromised Availability...
Vulnerability of the functions EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and BN_GF2m_*() in the Elliptic Curve API of the OpenSSL cryptographic library, which allows a hacker to execute arbitrary code.
The vulnerabilities of the functions EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and BN_GF2m_*() in the Elliptic Curve API of the OpenSSL cryptographic library are exploited due to a buffer overflow in the queue. Exploiting these vulnerabilities could allow a remote attacker to execute arbitrary code...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to OpenSSL and libexpat
Summary: OpenSSL and Libexpat used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation, and providing weaker than expected security which might allow an attacker to execute arbitrary code on the system. This bulletin identifie...
CVE-2024-50081
In the Linux kernel, the following vulnerability has been resolved: blk-mq: setup queue ->tag_set before initializing hctx. Commit 7b815817aa58 ("blk-mq: add helper for checking if one CPU is mapped to specified hctx") needs to check queue mapping via tag set in hctx's cpuhp handler. However, q->tag_set...
SUSE CVE-2024-50079
In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work. When the sqpoll is exiting and cancels pending work items, it may need to run task_work. If this happens from within io_uring_cancel_generic(), then it may be under...